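Difference between revisions of "Fail2ban configuration"
From Dennis's knowledge base
Dennis zhuang (Created page with "A sample configuration follows: it sets an upper limit on password retries for nginx HTTP basic authentication and bans the client for one hour if the limit is exceeded. = Configure the filter = /etc/fail2ban/filter.d/ngi...")
Latest revision as of 04:00, 18 August 2013 (Sunday)
A sample configuration follows: it sets an upper limit on password retries for nginx HTTP basic authentication and bans the client for one hour if the limit is exceeded.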
Configure the filter
/etc/fail2ban/filter.d/nginx-auth.conf
    [Definition]

    failregex = no user/password was provided for basic authentication.*client: <HOST>
                user .* was not found in.*client: <HOST>
                user .* password mismatch.*client: <HOST>

    ignoreregex =
Configure fail2ban and enable the filter
/etc/fail2ban/jail.conf
    [nginx-auth]
    enabled = true
    filter = nginx-auth
    action = iptables[name=NoAuthFailures, port=80, protocol=tcp]
    logpath = /var/log/nginx*/*error*.log
    # 1 hour
    bantime = 3600
    maxretry = 3
Run the test command
fail2ban-regex /var/log/nginx/localhost.error_log /etc/fail2ban/filter.d/nginx-auth.conf
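The filter and jail above, replayed offline as an added example (not part of the original page or the Server Fault answer): the three failregex lines are applied to constructed nginx error-log lines, and hosts that reach maxretry are listed. The <HOST> expansion is a simplified assumption and the function names are hypothetical; fail2ban also counts failures only within its findtime window, which is not modelled here.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is broader and also accepts hostnames).
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"

# The three failregex lines from nginx-auth.conf on this page.
FAILREGEX = [
    r"no user/password was provided for basic authentication.*client: <HOST>",
    r"user .* was not found in.*client: <HOST>",
    r"user .* password mismatch.*client: <HOST>",
]
MAXRETRY = 3  # same value as the [nginx-auth] jail

# Constructed nginx error-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2013/08/18 03:58:01 [error] 912#0: *5 user "admin": password mismatch, client: 203.0.113.7, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2013/08/18 03:58:03 [error] 912#0: *6 user "root" was not found in "/etc/nginx/.htpasswd", client: 203.0.113.7, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2013/08/18 03:58:04 [error] 912#0: *7 no user/password was provided for basic authentication, client: 203.0.113.7, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2013/08/18 03:59:10 [error] 912#0: *8 user "admin": password mismatch, client: 198.51.100.20, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2013/08/18 03:59:11 [error] 912#0: *9 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 198.51.100.20, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "example.test"
"""

def compile_filters(patterns):
    """Expand <HOST> and compile each failregex line."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

def count_failures(log_text, filters):
    """Count matching lines per client address; a line counts at most once."""
    hits = Counter()
    for line in log_text.splitlines():
        for rx in filters:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return hits

def hosts_to_ban(hits, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits = count_failures(SAMPLE_LOG, compile_filters(FAILREGEX))
    for host, n in sorted(hits.items()):
        print(host, n, "BAN" if n >= MAXRETRY else "ok")
```

The favicon line shares a client address with a real failure but matches none of the three patterns, so it does not count toward maxretry.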
Excerpted from http://serverfault.com/questions/421046/how-to-limit-nginx-auth-basic-re-tries